AV-TEST study sees search engine results even more poisoned with malicious links

Pierluigi Paganini October 30, 2016

According to a study published by the independent anti-virus testing outfit AV-TEST, the number of malicious search engine results has been increasing.

The vast majority of the Internet users blindly trust data provided in response to their queries to the search engines. Actually, search engine results are increasingly poisoned with malicious links, the experts noticed a significant increase of the phenomena compared to the past.

It has been estimated that poisoned search engine results are displayed almost six times this year compared to 2013.

The threat is serious, Google and other search engines even more frequent provides malicious links in search results that lead to compromised websites used by crooks to deliver malware.

According to a study published by the independent anti-virus testing outfit AV-TEST, the number of malicious search engine results has been increasing year by year since 2013. The data are worrisome if we consider that across the year the defensive solutions have been more sophisticated.

The study analyzed search engine results in various queries from Google, Bing, Yandex and Faroo. The experts also analyzed over the past two years more than 515 million Twitter updates including malicious links.

“Search engines such as Google and others provide access to roughly more than 1 billion websites and globally handle 4 to 6 billion search queries – daily.” reads the study. “AV-TEST analyzed 80 million websites and discovered an unsettling trend.

“the number of infected results has been increasing year by year since 2013, despite the fact that search engine operators use many tools and technologies to try to filter them out.”

Experts at AV-TEST.org examined 80 million websites, identifying 18,280 infected web pages, while in the year up to August the organization inspected 81 million websites spotting more than 29,632 infected web pages.

search engine results study-logo

It is important to remark that the search engine results were recorded by disabling the Google Safe Browsing feature.

“Both evaluations from AV-TEST through the year 2015 up until August 2016 ultimately yield two important final results (without Google safe browsing)” reads the study.

  • 2015, 80 million websites examined: 18,280 infected web pages
  • 2016 (up to Aug.), 81 million websites examined: 29,632 infected web pages

search engine results study

Both figures are disconcerting is compared with search engine results obtained in a past study dated 2013.

“By comparison: already in 2013, among roughly 40 million web pages examined, 5,060 malware threats were found. You don’t need to be a mathematician to see this clear growth trend.” continues the study.

The researchers performed also a sort of counter-test visiting the pages with malware threats found by AV-TEST, with the Google Safe Browsing tools. They reported the following results:

  • 2015: 18,280 pages with malware threats, 555 Google warnings
  • 2016: 29,632 pages with malware threats, 1,337 Google warnings

Maik Morgenstern, chief technology officer at AV-TEST.org, explained that discrepancy in the number of threats for search engine results due to the dynamic content of the web pages. It means that tools see something different everytime they access the site due to dynamic content such as malicious ads.

“It could be the ads on the website that have been flagged as suspicious by us and that changes every time you access the site,” said Morgenstern. “Or the website is delivering different content randomly or it does so by checking the user agent or location of the user.

“Also I do not know what the interval is that Google/Bing are scanning the sites for malware. There will always be a certain timeframe where malicious content could be on the site without Google/Bing knowing it, even if they were able to detect it. It is also possible that we flagged content as suspicious that is not considered suspicious by Google/Bing.”

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – search engine results, malware)

[adrotate banner=”13″]

you might also like

leave a comment